How Israeli Tech Firms Act as Global Agents of Repression

Two private intelligence companies hack political enemies in Africa, Europe, the Mideast, and the United States, for a price.

The NSO Group logo displayed on the company’s old office building in Herzliya, Israel. (AP Photo / Daniella Cheslow)

Israel is, in many ways, an anomaly among nations. While it considers itself a democracy, it is actually a national-security state. Its military-intelligence apparatus is ubiquitous in the everyday affairs of its citizens. These sacrifices of privacy and civil liberties are prices most Israelis are willing, even happy, to pay in return for security.

The Israeli army’s signals intelligence (SIGINT) branch, Unit 8200, is the largest unit in the IDF and one of its most prestigious. It is integrated into the overall intelligence apparatus, foreign and domestic, and is used to penetrate the affairs of Palestinians in granular detail, permitting the Shin Bet, Israel’s internal security agency, to cultivate informants and plan covert operations like targeted killings or arrests of security suspects. The cyber-surveillance technologies developed by Unit 8200 and the other intelligence agencies are a key component in maintaining Israeli control over the Palestinian people.

But in the past two decades or so, Israel has greatly expanded use of these technologies. Veterans of these spy shops have transferred their knowledge into the commercial sphere and marketed themselves as agents of repression for clients around the globe. This is a dark, dirty secret that lies behind the hype of the “start-up nation.”

Two Israeli companies are at the forefront of this commercialization of dirty ops: NSO Group and Black Cube. Those following the Harvey Weinstein scandal will remember that Black Cube was the cyber-surveillance firm that Weinstein’s lawyer, David Boies, hired after former Israeli prime minister Ehud Barak introduced Weinstein to the company. Black Cube employed covert schemes to trick Weinstein’s accusers into exposing themselves so that his legal defense might have more ammunition to discredit them in court and in the public realm.

When The New Yorker revealed Black Cube’s seamy activities, the involved parties scrambled into damage-control mode. Black Cube at first refused to confirm or deny working for the disgraced Weinstein (later, it apologized). Boies admitted signing a contract with the company, but insisted he had no role in determining the activities it would carry out for Weinstein. That allowed Weinstein’s victims to be exploited twice over—first by his sexually predatory behavior, and then by Black Cube, which sent agents posing as sympathetic individuals offering aid, comfort, and financial support, but who were actually preying on the victims and serving Weinstein’s interests.

Although this was the most public scandal involving Black Cube, it wasn’t necessarily the most consequential. Black Cube represents not only individuals like Weinstein; it also contracts with companies involved in litigation against competitors and, perhaps most momentous of all, it fulfills the goals of foreign intelligence services and political leaders by sabotaging those they consider to be enemies.

In Romania, two Black Cube agents were arrested in 2016 for attempting to hack the e-mail accounts of the nation’s corruption czar. You would think this might have restrained the company’s ambitions and perhaps lit a yellow light of caution in Israel’s political and security apparatus. But that didn’t happen.

When Cambridge Analytica whistle-blower Christopher Wylie exposed some of the darkest secrets of his former company and its efforts to sabotage the US presidential election, he also revealed that Black Cube partnered with his firm to dig up dirt on Nigeria’s presidential candidate Muhammadu Buhari during that country’s 2015 national election campaign. Apparently, the campaign didn’t work, as Buhari was elected.

SABOTAGING THE IRAN DEAL

After President Trump threw out the P5+1 Iran nuclear deal, former members of Barack Obama’s team who had negotiated that agreement revealed that they too had been hoaxed in a manner that mirrored the tactics used in the Weinstein case. According to Rebecca Kahl, the wife of Colin Kahl, national-security adviser to former vice president Joseph Biden, a mysterious woman e-mailed her in 2017, offering financial support for their children’s school. Rebecca’s e-mail correspondent repeatedly asked to meet with her to discuss how the correspondent’s financial firm could benefit the school. Fortunately, Kahl and her husband were savvy enough not to take the bait.

Trita Parsi, head of the National Iranian American Council, an Iranian-American NGO that supported the nuclear deal, was also approached in 2017 by a purported journalist. He sought to get Parsi to say that Kahl and another Obama administration official, Ben Rhodes, expected to exploit the nuclear deal for personal financial gain. Like the Kahls, Parsi smelled a rat.

The UK Observerreported in May that “aides to Donald Trump” hired “an Israeli private intelligence agency” to conduct a “dirty ops” campaign against Colin Kahl and Rhodes; the purpose of the mission was, presumably, to lay the groundwork for Trump’s abandonment of the Iran nuclear deal. (The Observer’s claim that Trump aides hired the agency has not been confirmed, but on the day after its article was published, Ronan Farrow in The New Yorkerreported that the agency in question was Black Cube. The company says it has no relation to the Trump administration, has not worked with Trump aides, and refuses “to confirm or deny any speculation” about its work.)

It should be troubling to Americans that an Israeli dirty-ops firm may have been working to sabotage US foreign policy. Israel is ostensibly an ally of this country. It could be that Black Cube is not merely a private company but a cut-out, an independent contractor that takes on the dirty jobs that Israel’s foreign-intelligence agency, the Mossad, either won’t or can’t pursue itself. This would shield Israel from embarrassment should such operations ever be exposed.

DIRTY TRICKS IN HUNGARY

Earlier this month, Politicoreported that Black Cube had been hired to spy on NGOs in Hungary that had been critical of that country’s authoritarian leader, Viktor Orbán, as he prepared for national elections earlier this year (the company refused to confirm or deny this claim). When he was a young university student, Orbán was a liberal reformer whose studies were fundedby Hungarian-American financier George Soros, but Orbán gradually moved to the right to further his political career. Soros, who was a child survivor of the Holocaust, established a network of civil-society NGOs under the umbrella of the Open Society Foundations. One of the foundations’ early goals was to promote the transition from communism to democratic rule in the former Soviet bloc. As Orbán moved further to the right, his former benefactor, Soros, became his chief political nemesis.

Soros didn’t bank on the torrent of opposition from far-right nationalist forces in these countries, who fear democracy and mistrust his endeavors. They cast him as a foreign agent intending to subvert the interests of the nation, a wealthy plutocrat advancing his own financial interests rather than the idealistic ones he actually espouses. Orbán has employed anti-Semitic dog whistles that liken Soros to Jewish financiers of the sort portrayed in the Protocols of the Elders of Zion.

According to Politico, Black Cube’s brief in Hungary was to trick civil-society NGOs into revealing damaging secrets, which could then be used to impugn them and Soros and promote Orbán’s political interests. Just as they had done with Weinstein’s victims, individuals purporting to work for investment firms contacted NGO leaders and invited them to meetings at posh hotels and restaurants in various European capitals, according to a former Black Cube employee and one other source. But the prospect of financial support never materialized, and after the meetings, the individuals disappeared. Their phone numbers went dead and their company websites and LinkedIn accounts were deleted. But recordings of the meetings later surfaced in ways designed to promote Orbán while maligning the Hungarian pro-democracy movement.

Three weeks before the Hungarian election, a Hungarian newspaper and the right-wing Jerusalem Post revealed that they had audio recordings of the meetings, which featured the director of Open Society in Hungary claiming that he had lobbied for Germany to pressure the Hungarian government not to adopt anti-democratic laws that could have shut down many of Open Society’s operations. The Interceptpublished a full account of the election smears. Neither the Post nor the Hungarian paper revealed who offered them the information. Neither speculated as to why the material was leaked to them. And neither noted the convenient timing of the leak.

I contacted the co-authors of the Post story asking for information about who their sources were and whether they performed any due diligence to verify the information they gave her. Neither they nor their editor responded. If these outlets were responsible journalistic enterprises, they would ask themselves these questions. They would ponder how they were hoaxed, used by their sources in a scheme to smear the reputation of a prominent philanthropist along with Hungarian civil-society groups that were drawn into the tawdry operation.

Over the past year, Israeli Prime Minister Benjamin Netanyahu has engaged in a campaign to cultivate right-wing governments in Poland, Hungary, and elsewhere. He visited Orbán in Hungary, despite the fact that the local Jewish community warned him away, saying the country’s leader was an anti-Semite. But Netanyahu recently welcomed Orbán upon the latter’s first visit to Israel as prime minister. There he made the customary pilgrimage of visiting national leaders to Yad Vashem, the national Holocaust memorial. Israeli Holocaust survivors and human-rights activists were outraged and blocked his car from leaving the museum. To them, the Hungarian leader is irredeemable. He’s spoken favorably of Hungary’s World War II fascist government, which colluded in the ethnic cleansing of more than 400,000 Hungarian Jews by the Nazis, some 225,000 of whom were murdered at Auschwitz. I wonder how Yad Vashem can justify permitting such a figure to set foot on its sacred altar to the memory of the 6 million.

I asked an Israeli security source whether his agency had any concerns about the activities of Black Cube, and whether the company might be viewed as compromising the security or political interests of Israel. He replied that the activities of the company were a political rather than a security issue. Considering that many of Black Cube’s staff are veterans of Unit 8200 and the Israeli intelligence apparatus, this was not a very satisfying answer.

There will eventually come a reckoning over Black Cube’s covert operations. A future scandal could envelop not just the company itself but the nation that produced it.

NSO GROUP: AIDING AND ABETTING REPRESSION

Israel’s NSO Group sabotages the political affairs of foreign nations in a different way. It too hires talented cyber-intelligence specialists from Unit 8200; one of the company’s three founders was an 8200 cyber-hacker. They are hired because they bring with them methods and code used by Israeli SIGINT to hack the phones of Palestinians and other targets of Israeli surveillance.

One hacking tool developed by NSO, Pegasus, may be downloaded to a target’s phone after the target clicks a spearphishing link sent to the device. Once the tool is downloaded, Pegasus essentially takes control of the device, permitting the attacker to intercept e-mail, download documents, listen to any conversations the user might have, and intercept video recordings. It also offers the attacker GPS positions so he knows where the target is at all times.

The only reason we know all this is that victims whose phones had begun to behave strangely sought help; some consulted Citizen Lab, a forensic outfit affiliated with the Munk School of Global Affairs at the University of Toronto dedicated to promoting human rights via the web. Its technicians discovered Pegasus around the same time as The New York Times, which revealed that the Mexican intelligence service deployed Pegasus against journalists as well as human-rights and civil-society activists who had criticized that government’s refusal to investigate alleged murders of Mexican citizens by police and other government authorities.

Citizen Lab first discovered Pegasus after being contacted by a human-rights activist in the United Arab Emirates, Ahmed Mansoor, who suspected a malware attack; that was when Citizen Lab technicians detected the NSO spyware. Mansoor, who is part of the Shiite minority in a country controlled by Sunni Muslims, was later sentenced to 10 years in prison for using social media to spread “hate and sectarianism.” Clearly, the Israeli company’s tool was used as part of a system of control exerted by the UAE’s Sunni elite to suppress activism by the Shiite minority.

NSO claims that its licensing agreement specifies that its products may be used by governments only to fight crime and terrorism, and that clients are precluded from using them to attack citizens for their activism. When journalists have pointed out that clients have used the technology in ways not allowed by the contract, the company claims it is not responsible for how its technology is used and does not maintain any record of such usage.

This raises the possibility that NSO could engineer a feature permitting it to track the usage of Pegasus. Such a feature would enable the company to consult with clients to ensure that its tool is not misused. But it seems NSO prefers the ease of shipping the product, taking payment, and washing its hands of what might happen afterward.

As Citizen Lab indicated in a recently released statement, the entire field of cyber-hacking is barely regulated (the Israeli defense ministry must license all exports of Pegasus, but it is not known to prohibit or interfere with such sales). This only encourages abuse by both coders and clients. Nations—and Israel is not the only state with companies engaged in such hacking—must step forward and set both ethical and political standards that determine how these tools may be used and which uses are prohibited. Journalists and activists must lobby national and international authorities to stop this kind of foreign interference in a country’s domestic politics.

I would also think that the companies themselves, if they value their business models, would attempt to negotiate some form of regulation that both permits them to pursue their business objectives while also adhering to a common set of standards. But so far they seem oblivious to the consequences of their actions.

One way of pressuring both governmental authorities and the companies themselves is by targeting them in the financial markets. NSO, as a tech start-up, is part of the Silicon Valley economy. In 2014, a few years after its founding, it was purchased by a venture-capital firm, Francisco Partners, for $120 million. Francisco later sought to sell its controlling interest to other venture-capital firms. Among other factors, it could boast that NSO cleared $200 million in annual profits. Last year one of the largest such institutions, Blackstone, offered to buy a 40 percent interest for $400 million. This would have valued NSO at $1 billion, thus bestowing upon it the highly sought-after designation of “unicorn.”

Access Now and other human-rights groups mounted a campaign to pressure the publicly traded Blackstone to back off the purchase of NSO, and eventually the deal fell through. In the latest development, VERINT, originally an Israeli start-up, offered to buy NSO for $1 billion, which would have offered Francisco a handsome 730 percent return on its original investment. These plans were derailed by several developments.

First, in the midst of the purchase negotiations, NSO discovered that a disgruntled employee, who was eventually fired, had stolen a hard drive containing both Pegasus and other secret company documents. He offered the company’s crown jewels to one potential customer for $50 million in crypto-currencies. Though the customer reported the approach to executives at the firm, the damage had been done. The employee had the hard drive for three weeks, and while NSO claims he did not compromise any corporate secrets, it has no way of knowing this for sure. VERINT backed out of the deal and Francisco was once again left with a valuable commodity it couldn’t seem to unload.

Israeli media reporting on this incident offer some tantalizing information not reported elsewhere: First, the employee theft was placed under a gag order, presumably sought by NSO, which would have wanted to keep bad news under wraps so as not to sabotage sale negotiations. The problem with this is that if the gag order hadn’t been lifted, VERINT would have been deprived of information crucial to its business decisions and its valuation of the property.

Second, an article in the Israeli business publication Globes notes several times (in the Hebrew edition) that the NSO theft was considered by authorities to be one of the most serious compromises of national security on record. That may mean several things: It may mean that Pegasus, or at least substantial elements of it, was developed not by NSO but by Unit 8200. Its veterans could have taken the code they developed during military service and further developed it into the commercial product. If this is true, it would strengthen arguments that Israeli cyber-hackers serving in military intelligence are using tools like Pegasus to infiltrate foreign governments, target BDS and other human-rights activists, or even target victims for Israeli assassination operations.

That would mean that compromising Pegasus could endanger the Israeli government’s cyber-hacking operations around the globe. Should a rival intelligence service gain access to the Pegasus code, it could develop ways to counter or disable it. That would frustrate the intelligence operations of Unit 8200, IDF military intelligence (AMAN), the Mossad, and Shabak, with serious consequences for the security of the state itself. That is why this theft is considered more than just a mishap for a single business, but rather a potential national-security crisis.

With the exploding corporate valuations indicated above, other Israeli start-ups are getting in on the action. Earlier this month, business publications reported the first round of $12.5 million in financing for Toka, a company developing software that permits clients to take control of various household devices known as the Internet of Things. Any home-electronics, thermostat, alarm, or home speaker system communicating with Internet servers would be vulnerable.

This is essentially a replication of the NSO business model, transferred to the home environment. Imagine: The very place where people expect the most privacy and security could be transformed into a peephole for snooping companies or individuals. Toka’s co-founder is former prime minister Barak, one of hundreds of former Israeli generals and intelligence officials paid handsome consulting fees or lucrative stock options to exploit business contacts in the military-security world for companies like Toka.

Richard SilversteinRichard Silverstein is a freelance journalist and regular contributor to Middle East Eye. He also writes the blog Tikun Olam, which exposes the excesses of the Israeli national-security state. He contributed chapters to the Independent Jewish Voices collection A Time to Speak Out and to Israel and Palestine: Alternatives to Statehood.